Revision history for Perl extension Net::SinFP.
2.09 Sun Mar 13 12:45:47 CET 2011
-
bugfix: in pod for Net::SinFP::Consts
-
new signatures (sinfp-20110125.db: 188 signatures)
-
NOTE: this should be the last release in 2.xx branch
2.08 Wed Jan 12 15:24:24 CET 2011
-
update: new deformation masks
-
update: improvements on passive fingerprinting analysis
=> greetz to Goulag Parkinson, IpMorph rulez.
-
update: copyright notice
2.07 Fri Dec 24 14:21:08 CET 2010
-
bugfix: padding vs payload issue for TCP options
-
update: more verbose message on closed/filtered port
-
update: copyritht notice
-
update: mailing list link
-
new signatures (sinfp-20101224.db: 158 signatures)
2.06 Mon Dec 18 16:35:25 CET 2006
-
bugfix: in passive mode, when a frame has no TCP layer, do not process it
-
bugfix: in passive mode, when a user specifies -F, SinFP must use it
-
pod: for Result.pm
-
examples: now ships with example files in examples/ directory
-
tests: more tests (pod consistency, pod coverage)
-
new signatures (sinfp-20061218.db, 140 signatures)
2.05 Sat Nov 18 12:40:41 CET 2006
-
bugfix: due to changes in Net::Packet 3.xx, now requires version 3.2x
-
new signatures (sinfp-20061118.db)
2.04 Sun Nov 5 18:59:48 CET 2006
-
Search.pm: new deformation mask added
-
new signatures (sinfp-20061101.db)
2.03 Sun Oct 29 21:57:05 CET 2006
-
Search.pm: new deformation masks added
-
sinfp.pl: default displaying of OS information updated, it is shorter now
-
sinfp.pl: new parameter -C, to show complete OS information like old
behaviour
-
new signatures
2.02 Mon Aug 28 19:56:45 CEST 2006
-
bugfix: when analyzing an anonymized pcap file
-
bugfix: test options length for P2 reply, not P3 reply
-
new signatures
2.01 Sun Jul 2 11:52:43 CEST 2006
-
bugfix: when a target responds to P2, but to not P1, we craft
a fake P1 reply
-
update: display a warning when a signature is matched in a heuristic mode,
but not enough TCP options were received from P2 for a considered
reliable match
-
new signatures
2.00 Wed Jun 14 23:33:16 CEST 2006
-
complete rewrite
-
sinfp.db completely reworked
-
new tests based on comparison between probe and response (TCP seq/ack
comparison, IP ID value comparison)
-
new matching algorithm, works like a search engine (a problem of finding
intersection, by applying a deformation mask on keywords) much more
efficient than in 1.xx branch
-
passive fingerprinting much more acurate thanks to new matching algorithm
-
possibility to launch P1P2P3 probes, or only P1P2 probes, or only P2 probe
-
match IPv6 signatures against IPv4 ones
-
API changes, not compatible with 1.xx version anymore
-
DB schema changes, not compatible with 1.xx version anymore
-
many bugfixes
1.02 Wed May 31 18:50:03 CEST 2006
-
bugfix: in RST response to a probe when it has some L7 data
-
compatibility patches with upcoming Net::Packet 3.00
1.01 Sat May 13 13:03:16 CEST 2006
-
sinfp.db: new signatures, bugfix on some
-
sinfp.db: now installs in the same directory as sinfp.pl, no need to
be root anymore
-
now uses Class::Gomor::Array instead of Hash
1.00 Mon Mar 13 13:37:01 CET 2006
-
sinfp.db: more signatures (IPv4 and IPv6 ones)
-
sinfp.db: migration from DBD::SQLite 1.08 to 1.11
-
Makefile.PL: now installs sinfp.db into /usr/local/share/sinfp when
installation is run as root
-
Makefile.PL: sinfp.pl, np-anon-pcap.pl, np-read-anon.pl are installed into
/usr/local/bin if installation is run as root
-
SinFP: algorithm to match OSFPs is now quicker (especially in passive mode)
-
SinFP: algorithm to match OSFPs is now also a little better
-
SinFP: bugfix when running in offline passive mode (now skip non IP frames)
-
sinfp.pl: -k parameter to keep generated pcap file (default to not)
pcap files are especially useful for unknown fingerprints, send
them to me ;) (use np-anon-pcap.pl to anonymize IPs)
0.92 Mon Jun 20 23:43:53 CEST 2005
-
first public release